#!/bin/bash
# ---------------------------------------------------------------------------
# Layout: everything the sync writes lives under $path.
# ---------------------------------------------------------------------------
path="/mnt/zimbra/user-sync"
log_dir="${path}/log"
tmp_dir="${path}/tmp"              # scratch area, removed at the end of a run
timestamp=$(date +%F-%H-%M)        # taken once per run; names the log file
log="${log_dir}/grouplog_${timestamp}.txt"

# Scratch files and directories inside $tmp_dir.
zim_us="${tmp_dir}/zim-us"         # one file per Zimbra account (zmprov gaa -v output)
usname="${tmp_dir}/usname"         # prefix of the list files (.ad .gaa .tem .zim .diff)
zmcmdfile="${tmp_dir}/zmcmdfile"   # batch of zmprov commands executed with "zmprov -f"
userfil="${tmp_dir}/userfil"       # per-user ldapsearch output

# External tools and the mail domain being synchronised.
mutt="/usr/bin/mutt"
zmprov="/opt/zimbra/bin/zmprov"
ldapsearch=/opt/zimbra/common/bin/ldapsearch
domain="test.ru"

# Directory (AD) connection settings.
# NOTE(review): ldap:// on port 389 with a simple bind (-x, used by the
# functions in this file) sends the bind DN and password unencrypted unless
# TLS is negotiated; consider an ldaps:// URL or StartTLS (ldapsearch -ZZ).
ldap_server="ldap://test.local:389"
basedn="DC=test,DC=local"
binddn="CN=zimbra,CN=Users,DC=test,DC=local"
# NOTE(review): the bind password is stored in the script in clear text and is
# later passed to ldapsearch with -w, so it is visible to anyone who can read
# this file or the process list. Prefer a root-only password file read with
# "ldapsearch -y <file>", and keep this script readable by its owner only.
bindpw="qwe123"
filter="(memberof=cn=mail,cn=users,dc=test,dc=local)"   # members of the "mail" group
fields="sAMAccountName mail description displayName givenName cn sn department title"
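#######################################
# Append "<message> [Ok]" or "<message> [Fail]" to the run log.
# Globals:   log (read) - path of the log file
# Arguments: $1 - exit status to report (0 means success)
#            $2 - message text
#######################################
function err_log()
{
  local status=$1 message=$2
  # Quoted expansions keep the message intact (no word splitting, no glob
  # expansion of "*" in the text). A missing or non-numeric status makes the
  # test fail and is therefore reported as [Fail].
  if [ "$status" -eq 0 ] 2>/dev/null; then
    printf '%s [Ok]\n' "$message" >> "$log"
  else
    printf '%s [Fail]\n' "$message" >> "$log"
  fi
}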
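#######################################
# Make sure a directory exists, creating it (with parents) when missing, and
# record the outcome in the run log.
# Globals:   log (read) - path of the log file
# Arguments: $1 - directory path
#######################################
function if_path ()
{
  local dir=$1
  if [ ! -d "$dir" ]; then
    echo " $dir..." >> "$log"
    # "--" and the quotes keep a path with spaces or a leading dash intact.
    mkdir -p -- "$dir"
    err_log $? " $dir"
  else
    echo " $dir " >> "$log"
  fi
}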
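#######################################
# Query the directory for the accounts selected by $filter and write their
# sAMAccountName values, sorted, to "$usname.ad".
# Globals:   ldapsearch, ldap_server, binddn, bindpw, basedn, filter, fields,
#            usname, log (all read)
# Returns:   0 when ldapsearch succeeded, 1 when it exited non-zero (the list
#            may then be empty or incomplete and must not be used to decide
#            which mailboxes to close).
#######################################
function search_users_AD()
{
  local ldap_rc count
  local -a attrs
  # $fields is a space-separated attribute list; split it deliberately.
  read -r -a attrs <<< "$fields"

  echo " AD..." >> "$log"
  # NOTE(review): -w puts the bind password on the command line, where it is
  # visible in the process list; "ldapsearch -y <file>" avoids that.
  # Only lines whose attribute name is exactly sAMAccountName are accepted, so
  # another attribute whose value merely mentions that word cannot add a name.
  "$ldapsearch" -x -o ldif-wrap=no -H "$ldap_server" -D "$binddn" -w "$bindpw" \
    -b "$basedn" "$filter" "${attrs[@]}" |
    awk '$1 == "sAMAccountName:" {print $2}' |
    sort > "$usname.ad"
  # Exit status of ldapsearch itself, not of the last pipeline stage.
  ldap_rc=${PIPESTATUS[0]}

  count=$(( $(wc -l < "$usname.ad") ))
  echo "Found () ${count} Group in AD ( AD)" >> "$log"

  if [ "$ldap_rc" -ne 0 ]; then
    echo "ldapsearch exited with status ${ldap_rc}; AD user list may be empty or incomplete" >> "$log"
    return 1
  fi
  return 0
}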
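#######################################
# Dump every account of $domain with "zmprov -l gaa -v" and split the dump
# into one file per account under $zim_us, named after the account's local
# part (the text before "@").
# Globals:   zmprov, domain, usname, zim_us, path, log (all read)
# Returns:   0 on success, 1 when zmprov fails or $path cannot be entered.
# Side effects: leaves the working directory at $path, as before.
#######################################
function all_user_attr_zimbra()
{
  local piece nam

  if ! "$zmprov" -l gaa -v "$domain" > "$usname.gaa"; then
    echo "zmprov -l gaa failed for ${domain}" >> "$log"
    return 1
  fi

  if [ -s "$usname.gaa" ]; then
    # Split only at lines that START with "# name ", so an attribute value
    # that merely contains that text cannot cut a record in two. The pieces
    # are written straight into $zim_us instead of relying on a prior cd.
    csplit "$usname.gaa" --prefix="$zim_us/user." --suffix-format='%03d.zim' \
      --elide-empty-files -s '/^# name /' '{*}' ||
      echo "csplit reported an error while splitting $usname.gaa" >> "$log"
  fi

  # Glob the csplit pieces rather than parsing ls output.
  for piece in "$zim_us"/user.*.zim; do
    [ -e "$piece" ] || continue
    nam=$(awk '$1 == "#" && $2 == "name" {print $3; exit}' "$piece")
    nam=${nam%%@*}
    case $nam in
      '' | . | .. | */*)
        # No usable name: the piece cannot be filed under $zim_us.
        rm -f -- "$piece"
        continue
        ;;
    esac
    mv -f -- "$piece" "$zim_us/$nam"
  done

  cd -- "$path" || return 1
}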
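#######################################
# Build "$usname.zim": the Zimbra accounts found under $zim_us, minus the
# accounts listed in $path/system.acc (compared case-insensitively).
# Globals:   zim_us, usname, path, log (all read)
# Returns:   0 on success, 1 when system.acc cannot be read.
#######################################
function search_user_zimbra()
{
  local count
  echo " zimbra..." >> "$log"
  ls -- "$zim_us" | sort > "$usname.tem"

  if [ -r "$path/system.acc" ]; then
    # system.acc is the list of accounts this sync must never touch. A
    # whole-line, fixed-string, case-insensitive exclusion works whatever the
    # order of system.acc; the previous diff-based filter depended on both
    # files being sorted alike, and a misaligned diff let a listed account
    # through to the close/create steps.
    grep -v -i -x -F -f "$path/system.acc" -- "$usname.tem" | sort > "$usname.zim"
  else
    # Without the exclusion list, leave the Zimbra list empty (nothing is
    # closed), which is what the failing diff produced before.
    : > "$usname.zim"
    echo "system.acc not readable in ${path}; Zimbra user list left empty" >> "$log"
    return 1
  fi

  count=$(( $(wc -l < "$usname.zim") ))
  echo "Found () ${count} Group in Zimbra ( Zimbra)" >> "$log"
}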
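#######################################
# Compare the Zimbra list with the AD list (case-insensitively) and store the
# unified diff body in "$usname.diff": "-name" is only in Zimbra, "+name" is
# only in AD, " name" is in both.
# Globals:   usname (read)
#######################################
function diff_user_list()
{
  # 1,3d drops the two file headers and the first hunk header; /@.*/d drops
  # any later hunk header. Quoting keeps paths with spaces in one piece.
  diff -u -i -- "$usname.zim" "$usname.ad" |
    sed -e '1,3d' -e '/@.*/d' > "$usname.diff"
}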
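#######################################
# For every account that is in AD but not in the Zimbra list ("+" lines of
# "$usname.diff"): re-activate it when Zimbra already has it in a closed
# state, otherwise create it; then synchronise its attributes.
# Globals:   usname, zim_us, domain, zmcmdfile, tmp_dir, log (all read)
# Calls:     sync_one_user
#######################################
function adduser()
{
  local addus status_file status

  # Read whole lines on fd 3 so commands run inside the loop cannot consume
  # the list through stdin.
  while IFS= read -r -u 3 addus; do
    case $addus in
      '')
        continue
        ;;
      *[[:space:]]* | *[[:cntrl:]]* | *\"* | *\'* | *\\* | */*)
        # The name becomes part of a zmprov command line and of file paths;
        # refuse characters that would change either.
        printf 'adduser: skipped unsafe account name %q\n' "$addus" >> "$log"
        continue
        ;;
    esac

    # Zimbra account files are looked up in lower case, as sync_one_user does.
    status_file="$zim_us/${addus,,}"
    status=""
    if [ -f "$status_file" ]; then
      status=$(awk '$1 == "zimbraAccountStatus:" {print $2; exit}' "$status_file")
    fi

    if [[ $status == c* ]]; then
      printf 'ma %s@%s zimbraAccountStatus active\n' "$addus" "$domain" >> "$zmcmdfile"
    else
      # NOTE(review): every new account gets the same fixed initial password,
      # and the command file is later appended to the log. If these accounts
      # authenticate against Zimbra itself rather than AD, use a per-account
      # random value instead — confirm the domain's auth mechanism.
      printf 'ca %s@%s 123456\n' "$addus" "$domain" >> "$zmcmdfile"
    fi
    echo " $addus " >> "$tmp_dir/send.txt"
    sync_one_user "$addus"
  done 3< <(grep '^+' "$usname.diff" | cut -c 2-)
  return 0
}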
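#######################################
# Close every Zimbra account that is no longer in the AD list ("-" lines of
# "$usname.diff") unless it is already closed.
# Globals:   usname, zim_us, domain, zmcmdfile, tmp_dir, path, log (all read)
# Outputs:   prints each closed account to stdout
# Returns:   0 normally, 1 when the AD list is missing or empty and nothing
#            was closed.
#######################################
function block_user()
{
  local delus status

  # Safety stop: with an empty AD list (failed bind, unreachable server, bad
  # filter) every Zimbra account would look "removed from AD" and be closed.
  if [ ! -s "$usname.ad" ]; then
    echo "block_user: AD user list $usname.ad is missing or empty; no accounts closed" >> "$log"
    return 1
  fi

  while IFS= read -r -u 3 delus; do
    [ -n "$delus" ] || continue
    status=""
    if [ -f "$zim_us/$delus" ]; then
      status=$(awk '$1 == "zimbraAccountStatus:" {print $2; exit}' "$zim_us/$delus")
    fi
    if [ "$status" != "closed" ]; then
      echo "user closed - $delus"
      printf 'ma %s@%s zimbraAccountStatus closed\n' "$delus" "$domain" >> "$zmcmdfile"
      echo " $delus ! !" >> "$tmp_dir/send.txt"
      # close.1 accumulates closed accounts across runs; close.diff is its
      # sorted copy.
      echo "$delus" >> "$path/close.1"
      sort -- "$path/close.1" > "$path/close.diff"
      echo "$delus"
    fi
  done 3< <(grep '^-' "$usname.diff" | cut -c 2-)
  return 0
}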
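#######################################
# Append one ` name "value"` pair to the zmprov command currently being built
# in $zmcmdfile. Nothing is written for an empty or whitespace-only value.
# Globals:   zmcmdfile (read)
# Arguments: $1 - Zimbra attribute name
#            $2 - attribute value taken from the directory
#######################################
function ifattr()
{
  local name=$1 value=$2

  # Skip empty and whitespace-only values.
  [[ $value == *[![:space:]]* ]] || return 0

  # The command file is line-oriented: a value containing a line break would
  # end this command and start another one, so such a value is not written.
  if [[ $value == *$'\n'* || $value == *$'\r'* ]]; then
    printf 'ifattr: %s skipped, value contains a line break\n' "$name" >&2
    return 0
  fi

  # Escape backslashes and double quotes so the value cannot close its own
  # quotes and add further arguments to the command.
  # NOTE(review): assumes zmprov's line parser treats backslash as an escape
  # character inside double quotes — TODO confirm on the deployed version.
  value=${value//\\/\\\\}
  value=${value//\"/\\\"}

  printf ' %s "%s"' "$name" "$value" >> "$zmcmdfile"
}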
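#######################################
# Print the first value of an attribute from an LDIF file.
# A value marked as base64 in LDIF ("attr:: ...") is decoded; a plain value
# ("attr: ...") is printed as is. Prints nothing when the attribute is absent.
# Arguments: $1 - LDIF file, $2 - attribute name
#######################################
function _ldif_attr()
{
  local file=$1 attr=$2 line
  # Anchored at line start so another attribute's value cannot match.
  line=$(grep -m 1 -E "^${attr}::? " -- "$file") || return 0
  if [[ $line == "${attr}:: "* ]]; then
    printf '%s' "${line#*:: }" | base64 -d 2>/dev/null
  else
    printf '%s' "${line#*: }"
  fi
}

#######################################
# Copy one user's attributes from AD to Zimbra: fetch the entry with
# ldapsearch, queue a "ma" (modify account) command with the non-empty
# attributes and, when the AD mail address is not yet known to the account,
# an "aaa" (add alias) command.
# Globals:   ldapsearch, ldap_server, binddn, bindpw, basedn, fields, userfil,
#            zim_us, domain, zmcmdfile, tmp_dir, log (all read)
# Arguments: $1 - account name (sAMAccountName / Zimbra local part)
# Calls:     ifattr
# Returns:   0 on success, 1 when the name is rejected or the lookup fails
#            (nothing is queued for the account in that case).
#######################################
function sync_one_user()
{
  local account=$1
  local ad_file filter_name pair mailnew alias_file
  local -a attrs

  # The name is used in a file path, in an LDAP filter and unquoted in a
  # zmprov command line; refuse characters that would change any of them.
  case $account in
    '' | *[[:space:]]* | *[[:cntrl:]]* | *\"* | *\'* | *\\* | */*)
      printf 'sync_one_user: skipped unsafe account name %q\n' "$account" >> "$log"
      return 1
      ;;
  esac

  echo " $account..." >> "$log"
  ad_file="$userfil/$account.ad"

  # Escape the LDAP filter metacharacters that remain possible (RFC 4515).
  filter_name=${account//\*/\\2a}
  filter_name=${filter_name//\(/\\28}
  filter_name=${filter_name//\)/\\29}

  # $fields is a space-separated attribute list; split it deliberately.
  read -r -a attrs <<< "$fields"

  # NOTE(review): -w exposes the bind password in the process list;
  # "ldapsearch -y <file>" avoids that.
  if ! "$ldapsearch" -x -o ldif-wrap=no -H "$ldap_server" -D "$binddn" -w "$bindpw" \
    -b "$basedn" "(sAMAccountName=${filter_name})" "${attrs[@]}" > "$ad_file"; then
    echo "ldapsearch failed for ${account}; account not synchronised" >> "$log"
    return 1
  fi
  # No entry returned: an attribute-less "ma" line would be useless.
  if ! grep -q -E '^dn::? ' -- "$ad_file"; then
    echo "no directory entry found for ${account}; account not synchronised" >> "$log"
    return 1
  fi

  # One "ma <account> attr "value" ..." line; ifattr appends each pair.
  printf 'ma %s' "$account" >> "$zmcmdfile"
  # zimbra-attribute:ldap-attribute (department is stored as "company").
  for pair in description:description displayName:displayName \
    givenName:givenName cn:cn sn:sn company:department title:title; do
    ifattr "${pair%%:*}" "$(_ldif_attr "$ad_file" "${pair#*:}")"
  done
  echo >> "$zmcmdfile"

  mailnew=$(_ldif_attr "$ad_file" mail)
  case $mailnew in
    '')
      ;;
    *[[:space:]]* | *[[:cntrl:]]* | *\"* | *\\*)
      printf 'sync_one_user: mail value for %s skipped (unsafe characters)\n' "$account" >> "$log"
      ;;
    *)
      alias_file="$zim_us/${account,,}"
      # Add the alias unless it is the account's own address or is already
      # listed. An account without any alias (or without a Zimbra file yet)
      # now gets its alias too; the old unquoted comparison errored out and
      # skipped that case.
      if [[ ${mailnew,,} != "${account,,}@${domain,,}" ]] &&
        ! { [ -f "$alias_file" ] &&
          awk '$1 == "zimbraMailAlias:" {print $2}' "$alias_file" |
          grep -q -i -x -F -- "$mailnew"; }; then
        printf 'aaa "%s@%s" "%s"\n' "$account" "$domain" "$mailnew" >> "$zmcmdfile"
      fi
      ;;
  esac

  echo " $account " >> "$tmp_dir/send.txt"
}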
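# ---------------------------------------------------------------------------
# Main flow: prepare directories, collect the AD and Zimbra account lists,
# queue zmprov commands for the differences, run them, mail the report.
# Usage: pass "all" as the first argument to re-synchronise the attributes of
# every AD account, not only of new ones.
# ---------------------------------------------------------------------------

# Log a fatal condition, remove the scratch directory and stop before any
# zmprov command is executed.
abort_sync() {
  printf '%s\n' "$1" >&2
  printf '%s\n' "$1" >> "$log"
  rm -R -f -- "${tmp_dir:?}"
  exit 1
}

date +%F-%H-%M
for dir in "$path" "$tmp_dir" "$log_dir" "$userfil" "$zim_us"; do
  if_path "$dir"
done
: > "$zmcmdfile"
: > "$tmp_dir/send.txt"

# Accounts missing from the AD list are closed further down, so a failed or
# empty directory query must stop the run instead of closing every mailbox.
if ! search_users_AD || [ ! -s "$usname.ad" ]; then
  abort_sync "AD user list could not be retrieved or is empty; no changes applied"
fi
if ! all_user_attr_zimbra; then
  abort_sync "Zimbra account list could not be retrieved; no changes applied"
fi
search_user_zimbra
diff_user_list
block_user
adduser

if [[ ${1:-} == "all" ]]; then
  # Read on fd 3 so commands inside the loop cannot consume the list.
  while IFS= read -r -u 3 us; do
    [ -n "$us" ] && sync_one_user "$us"
  done 3< "$usname.ad"
fi

"$zmprov" -f "$zmcmdfile"
# NOTE(review): the command file contains the initial password of newly
# created accounts; appending it to the log (and mailing the log below)
# spreads that value. Restrict the log directory's permissions or filter the
# "ca" lines before logging.
cat -- "$zmcmdfile" >> "$log"
if [ -s "$tmp_dir/send.txt" ]; then
  "$mutt" -s " $timestamp" admins@test.ru -a "$log" < "$tmp_dir/send.txt"
fi
# ":?" aborts instead of expanding to an empty path.
rm -R -f -- "${tmp_dir:?}"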